Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-10-2024 00:19

General

  • Target

    aedc1682d30f48c49e8d874543093bb3027f4933c95ba75372648a949938c1d2.exe

  • Size

    63KB

  • MD5

    09d115ab61455995c73c841e1168c305

  • SHA1

    288c9ab5132b1c611ac8636333dfd305eebb74b9

  • SHA256

    aedc1682d30f48c49e8d874543093bb3027f4933c95ba75372648a949938c1d2

  • SHA512

    db882b67329e196be8384e85cef3162ceca047d1b41686ee853597264bc5aae0788f34b9984d97b1c95020fa2a3fbb8c861764b9a275a6138055d8cfc5b4b179

  • SSDEEP

    768:jnuguX1wbgyX78dIC8A+XkuazcBRL5JTk1+T4KSBGHmDbD/ph0oXnxuiEG8SuEdP:rvCCPTDdSJYUbdh9nxumuEdpqKmY7

Score
10/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:3232

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aedc1682d30f48c49e8d874543093bb3027f4933c95ba75372648a949938c1d2.exe
    "C:\Users\Admin\AppData\Local\Temp\aedc1682d30f48c49e8d874543093bb3027f4933c95ba75372648a949938c1d2.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1732

Network

MITRE ATT&CK Matrix


Downloads

  • memory/1732-0-0x000007FEF5263000-0x000007FEF5264000-memory.dmp

    Filesize

    4KB

  • memory/1732-1-0x0000000000AB0000-0x0000000000AC6000-memory.dmp

    Filesize

    88KB

  • memory/1732-2-0x000007FEF5260000-0x000007FEF5C4C000-memory.dmp

    Filesize

    9.9MB

  • memory/1732-3-0x000007FEF5260000-0x000007FEF5C4C000-memory.dmp

    Filesize

    9.9MB

  • memory/1732-4-0x000007FEF5260000-0x000007FEF5C4C000-memory.dmp

    Filesize

    9.9MB

  • memory/1732-5-0x000007FEF5260000-0x000007FEF5C4C000-memory.dmp

    Filesize

    9.9MB